W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: [secdir] additional mechanisms on top of the auth framework, was: SECDIR review of draft-ietf-httpbis-p7-auth-24

From: Nico Williams <nico@cryptonector.com>
Date: Thu, 31 Oct 2013 09:51:02 -0500
To: Julian Reschke <julian.reschke@greenbytes.de>
Cc: Stephen Kent <kent@bbn.com>, secdir <secdir@ietf.org>, fielding@gbiv.com, mnot@pobox.com, Barry Leiba <barryleiba@computer.org>, Pete Resnick <presnick@qti.qualcomm.com>, "Mankin, Allison" <amankin@verisign.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <20131031145059.GA29480@gmail.com>
On Thu, Oct 31, 2013 at 02:54:45PM +0100, Julian Reschke wrote:
> On 2013-10-29 20:35, Stephen Kent wrote:
> >...
> 
> 
> OK. Maybe:
> 
> "HTTP does not restrict applications to this simple
> challenge-response framework. Additional mechanisms can be used,
> such as additional header fields carrying authentication
> information, or encryption on the transport layer in order to
> provide confidentiality. However, such additional mechanisms are not
> defined by this specification."

Or even -as pretty much all web authentication is done- *above* HTTP.

Nico
-- 
Received on Thursday, 31 October 2013 14:51:33 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC